HACKER Q&A
📣 darkLord19

How did you solve pagination in a role-based access system?


In a system where a user can read and interact with entities based on their role, how did you solve the problem of listing all the entities the user has access to in a paginated manner?


  👤 jzelinskie Accepted Answer ✓
Disclaimer: I am a founder of Authzed (W21).

Generally, this problem is called ACL-Filtering[0][1] and can be done in two ways: as a filter for selecting the entities from your database or as a filter after the entities have been returned from the database. Sometimes you might even have to do both.

If you decide to use a specialized database for permissions, similar to SpiceDB[2], there are often specialized APIs for directly listing the entities a subject has access to in various ways.

[0]: https://docs.authzed.com/reference/glossary#acl-filtering

[1]: https://authzed.com/blog/acl-filtering-in-authzed/

[2]: https://github.com/authzed/spicedb


👤 viovanov
If you use something like OPA, it has partial evaluation [1], which would allow you to read in data, filter it based on your RBAC policy quickly until you have a pageful, then return to the caller together with some next page token that lets you remember where you left off.

[1] https://blog.openpolicyagent.org/partial-evaluation-162750ea...
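
The post-filter approach described in the answers above (read a batch, apply the policy, stop at a full page, hand back a next-page token), as an added example that is not code from either poster, OPA or SpiceDB. `can_read`, `fetch_after`, the sample rows, the role grants and the token format are all assumptions made for illustration.

```python
import base64, json

# Constructed sample data: rows ordered by id, each readable by one role.
ENTITIES = [{"id": i, "role": "admin" if i % 3 else "viewer"} for i in range(1, 31)]
ROLES = {"alice": {"admin", "viewer"}, "bob": {"viewer"}}  # hypothetical role grants

def can_read(user, entity):
    """Stand-in for the policy decision (a policy-engine check in practice)."""
    return entity["role"] in ROLES.get(user, set())

def fetch_after(last_id, limit):
    """Stand-in for: SELECT ... WHERE id > :last_id ORDER BY id LIMIT :limit."""
    return [e for e in ENTITIES if e["id"] > last_id][:limit]

def encode_token(last_id):
    return base64.urlsafe_b64encode(json.dumps({"after": last_id}).encode()).decode()

def decode_token(token):
    if not token:
        return 0
    after = json.loads(base64.urlsafe_b64decode(token))["after"]
    if not isinstance(after, int) or after < 0:
        raise ValueError("bad page token")
    return after

def list_page(user, page_size, token=None, batch=4):
    """Scan forward in batches, keep authorized rows, stop at a full page."""
    cursor, page = decode_token(token), []
    while len(page) < page_size:
        rows = fetch_after(cursor, batch)
        if not rows:
            return page, None          # data exhausted: no next page
        for row in rows:
            cursor = row["id"]         # advance past every row we examined
            if can_read(user, row):
                page.append(row)
                if len(page) == page_size:
                    break              # rest of this batch is rescanned next call
    return page, encode_token(cursor)
```

The permission check runs on every row of every page, so a forged or replayed token only changes where the scan starts and cannot widen what the caller sees.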